Nimda worm hits banks
Published: 20 Sep 2001 18:15 BST
The internal networks of several international banks have been severely affected by the Nimda worm.
The worm, which can spread by email, through Web sites and across corporate LANs, appears to have caused massive Internet outages within several high-profile banks. Reports from Deutsche Bank suggest that Nimda brought down all Internet connections for UK employees yesterday, and HSBC has refused to deny reports that its internal servers have been seriously affected.
According to a report in the Sydney Morning Herald, the National Australia Bank saw its automatic teller, Internet banking, phone banking and broking services disrupted by the virus on Tuesday.
A source at Deutsche Bank, speaking on condition of anonymity, said: "We had no Internet access at all yesterday, and were forced to re-route all of our machines. Someone personally had to come to our desks to make sure that we had run our virus checks properly."
The news bodes poorly for banks who should have learnt their lesson from Code Red -- the predecessor to Nimda -- and protected their servers against the vulnerability in Microsoft's IIS server software that the two worms exploit.
"This highlights an issue with their security policy and implementation," said Paul Rogers, network security analyst at MIS Corporate Defence Solutions. "Organisations typically overlook laptop users dialing up from home, who download the virus without knowing, and then come back to work and plug into the internal network, [infecting] all machines."
According to anti-virus experts, it is unlikely that customer information would be compromised by a Nimda attack. "Nimda only distributes a payload -- it is not like SirCam, which additionally distributes random files," said Rogers. "There is a risk of data being destroyed, but this is minimal."
Other companies have also reported severe disruption this week from the side effects of Nimda. The IT manager at one large UK company told ZDnet UK how he had to shut down the firewall, losing an entire day's work for most of the company's staff.
The number of emails with Nimda's README/EXE attachement seems to have dwindled, with email virus scanning firm Messagelabs only reporting only 89 incidents in the past 24 hours, compared to 3,485 incidences of SirCam. But Nimda's ability to spread itself across LANs appears to be the cause of the continuing problems.
See the Viruses and Hacking News Section for the latest headlines.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
35 out of 81 people found this useful
- Share this article:
